author | Ilya Etingof <etingof@gmail.com> | 2017-08-03 02:33:27 +0200 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2017-08-03 03:00:55 +0200 |
commit | 18421d4bb5a69e8236675bd861acacb05d13dc70 (patch) | |
tree | 13f86ad930f925bf73b306f2b1b716dbb312a913 /pysnmp/proto | |
parent | 69a2979d950184af03b1b75453e1a44c9f5197e5 (diff) | |
download | pysnmp-git-18421d4bb5a69e8236675bd861acacb05d13dc70.tar.gz |
refactor digest size getter into property, handle the case of unavailable crypto
Diffstat (limited to 'pysnmp/proto')
-rw-r--r-- | pysnmp/proto/secmod/eso/priv/aesbase.py | 4 | ||||
-rw-r--r-- | pysnmp/proto/secmod/eso/priv/des3.py | 8 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/auth/base.py | 5 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/auth/hmacmd5.py | 3 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/auth/hmacsha.py | 3 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/priv/des.py | 8 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3414/service.py | 2 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc3826/priv/aes.py | 8 | ||||
-rw-r--r-- | pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py | 82 |
9 files changed, 69 insertions, 54 deletions
diff --git a/pysnmp/proto/secmod/eso/priv/aesbase.py b/pysnmp/proto/secmod/eso/priv/aesbase.py
index 43bb724b..a8667139 100644
--- a/pysnmp/proto/secmod/eso/priv/aesbase.py
+++ b/pysnmp/proto/secmod/eso/priv/aesbase.py
@@ -68,8 +68,8 @@ class AbstractAesReeder(aes.Aes):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
diff --git a/pysnmp/proto/secmod/eso/priv/des3.py b/pysnmp/proto/secmod/eso/priv/des3.py
index 16d770e9..ac082c7f 100644
--- a/pysnmp/proto/secmod/eso/priv/des3.py
+++ b/pysnmp/proto/secmod/eso/priv/des3.py
@@ -47,8 +47,8 @@ class Des3(base.AbstractEncryptionService):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
@@ -61,8 +61,8 @@ class Des3(base.AbstractEncryptionService):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
diff --git a/pysnmp/proto/secmod/rfc3414/auth/base.py b/pysnmp/proto/secmod/rfc3414/auth/base.py
index 133416b8..37e8c4d7 100644
--- a/pysnmp/proto/secmod/rfc3414/auth/base.py
+++ b/pysnmp/proto/secmod/rfc3414/auth/base.py
@@ -15,8 +15,9 @@ class AbstractAuthenticationService(object):
 def localizeKey(self, authKey, snmpEngineID):
 raise error.ProtocolError(errind.noAuthentication)
-
- def getTagLen(self):
+
+ @property
+ def digestLength(self):
 raise error.ProtocolError(errind.noAuthentication)
 # 7.2.4.1
diff --git a/pysnmp/proto/secmod/rfc3414/auth/hmacmd5.py b/pysnmp/proto/secmod/rfc3414/auth/hmacmd5.py
index 13b27e10..907f1ce6 100644
--- a/pysnmp/proto/secmod/rfc3414/auth/hmacmd5.py
+++ b/pysnmp/proto/secmod/rfc3414/auth/hmacmd5.py
@@ -32,7 +32,8 @@ class HmacMd5(base.AbstractAuthenticationService):
 def localizeKey(self, authKey, snmpEngineID):
 return localkey.localizeKeyMD5(authKey, snmpEngineID)
- def getTagLen(self):
+ @property
+ def digestLength(self):
 return 12
 # 6.3.1
diff --git a/pysnmp/proto/secmod/rfc3414/auth/hmacsha.py b/pysnmp/proto/secmod/rfc3414/auth/hmacsha.py
index 16cb2149..3ac7c33b 100644
--- a/pysnmp/proto/secmod/rfc3414/auth/hmacsha.py
+++ b/pysnmp/proto/secmod/rfc3414/auth/hmacsha.py
@@ -32,7 +32,8 @@ class HmacSha(base.AbstractAuthenticationService):
 def localizeKey(self, authKey, snmpEngineID):
 return localkey.localizeKeySHA(authKey, snmpEngineID)
- def getTagLen(self):
+ @property
+ def digestLength(self):
 return 12
 # 7.3.1
diff --git a/pysnmp/proto/secmod/rfc3414/priv/des.py b/pysnmp/proto/secmod/rfc3414/priv/des.py
index e38239ad..dd07d4d0 100644
--- a/pysnmp/proto/secmod/rfc3414/priv/des.py
+++ b/pysnmp/proto/secmod/rfc3414/priv/des.py
@@ -45,8 +45,8 @@ class Des(base.AbstractEncryptionService):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
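Review bot: Replacing `getTagLen()` with the `digestLength` property in `AbstractAuthenticationService` (auth/base.py) removes the old method without a compatibility shim, and the same removal is repeated in the hmacmd5.py, hmacsha.py and hmacsha2.py hunks. An authentication handler defined outside this patch that still implements only `getTagLen()` would presumably inherit the base property and raise `ProtocolError(errind.noAuthentication)` at the `authHandler.digestLength` call site in service.py; that fails closed, but the cause is not obvious from the error. Consider keeping a deprecated alias in the base class, `def getTagLen(self): return self.digestLength`, and giving the property a one-line docstring such as `"""Length in octets of the truncated digest carried in the message."""`.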
@@ -58,8 +58,8 @@ class Des(base.AbstractEncryptionService):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
index d0a88c9c..714595c9 100644
--- a/pysnmp/proto/secmod/rfc3414/service.py
+++ b/pysnmp/proto/secmod/rfc3414/service.py
@@ -438,7 +438,7 @@ class SnmpUSMSecurityModel(AbstractSecurityModel):
 # extra-wild hack to facilitate BER substrate in-place re-write
 securityParameters.setComponentByPosition(
- 4, '\x00' * authHandler.getTagLen()
+ 4, '\x00' * authHandler.digestLength
 )
 debug.logger & debug.flagSM and debug.logger(
diff --git a/pysnmp/proto/secmod/rfc3826/priv/aes.py b/pysnmp/proto/secmod/rfc3826/priv/aes.py
index 734e9643..d390f455 100644
--- a/pysnmp/proto/secmod/rfc3826/priv/aes.py
+++ b/pysnmp/proto/secmod/rfc3826/priv/aes.py
@@ -78,8 +78,8 @@ class Aes(base.AbstractEncryptionService):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
@@ -91,8 +91,8 @@ class Aes(base.AbstractEncryptionService):
 hashAlgo = md5
 elif authProtocol == hmacsha.HmacSha.serviceID:
 hashAlgo = sha1
- elif authProtocol in hmacsha2.HmacSha2.hashAlgo:
- hashAlgo = hmacsha2.HmacSha2.hashAlgo[authProtocol]
+ elif authProtocol in hmacsha2.HmacSha2.hashAlgorithms:
+ hashAlgo = hmacsha2.HmacSha2.hashAlgorithms[authProtocol]
 else:
 raise error.ProtocolError(
 'Unknown auth protocol %s' % (authProtocol,)
diff --git a/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py b/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py
index 60453c53..ddf24b51 100644
--- a/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py
+++ b/pysnmp/proto/secmod/rfc7860/auth/hmacsha2.py
@@ -7,15 +7,16 @@
 try:
 from hashlib import sha224, sha256, sha384, sha512
 import hmac
+ SHA = True
 except ImportError:
- import logging
- logging.debug('SHA-2 HMAC authentication unavailable', exc_info=True)
+ SHA = False
 from pyasn1.type import univ
 from pysnmp.proto.secmod.rfc3414.auth import base
 from pysnmp.proto.secmod.rfc3414 import localkey
 from pysnmp.proto import errind, error
+
 # 7.2.4
 class HmacSha2(base.AbstractAuthenticationService):
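Review bot: The `SHA = False` fallback in hmacsha2.py does not make the module importable when the SHA-2 imports fail, because the class body in the next hunk still builds `hashAlgorithms` from the bare names `sha224`, `sha256`, `sha384` and `sha512`, which are unbound after an `ImportError` and would raise `NameError` at import time. Binding them in the except branch, e.g. `sha224 = sha256 = sha384 = sha512 = hmac = None`, or populating the dictionary only when `SHA` is true, would let the `if not SHA` guards added further down actually be reached. The removed `logging.debug(...)` call was also the only trace of the failure, so a debug message here would keep a silently disabled authentication protocol diagnosable. `hashPassphrase()` and `localizeKey()` are not guarded by `SHA` in the visible hunks and would need the same check.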
@@ -23,34 +24,34 @@ class HmacSha2(base.AbstractAuthenticationService):
 sha256ServiceID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 5) # usmHMAC192SHA256AuthProtocol
 sha384ServiceID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 6) # usmHMAC256SHA384AuthProtocol
 sha512ServiceID = (1, 3, 6, 1, 6, 3, 10, 1, 1, 7) # usmHMAC384SHA512AuthProtocol
- keyLength = {
- sha224ServiceID : 28,
- sha256ServiceID : 32,
- sha384ServiceID : 48,
- sha512ServiceID : 64
+ keyLengths = {
+ sha224ServiceID: 28,
+ sha256ServiceID: 32,
+ sha384ServiceID: 48,
+ sha512ServiceID: 64
 }
- tagLength = {
- sha224ServiceID : 16,
- sha256ServiceID : 24,
- sha384ServiceID : 32,
- sha512ServiceID : 48
+ digestLengths = {
+ sha224ServiceID: 16,
+ sha256ServiceID: 24,
+ sha384ServiceID: 32,
+ sha512ServiceID: 48
 }
- hashAlgo = {
- sha224ServiceID : sha224,
- sha256ServiceID : sha256,
- sha384ServiceID : sha384,
- sha512ServiceID : sha512
+ hashAlgorithms = {
+ sha224ServiceID: sha224,
+ sha256ServiceID: sha256,
+ sha384ServiceID: sha384,
+ sha512ServiceID: sha512
 }
 __ipad = [0x36] * 64
 __opad = [0x5C] * 64
 def __init__(self, oid):
- if not oid in HmacSha2.hashAlgo:
- raise error.ProtocolError('no such SHA-2 authentication algorithm', oid)
- self.__hashAlgo = HmacSha2.hashAlgo[oid]
- self.__tagLength = HmacSha2.tagLength[oid]
- self.__placeHolder = univ.OctetString((0,) * self.__tagLength).asOctets()
+ if oid not in self.hashAlgorithms:
+ raise error.ProtocolError('No SHA-2 authentication algorithm %s available' % (oid,))
+ self.__hashAlgo = self.hashAlgorithms[oid]
+ self.__digestLength = self.digestLengths[oid]
+ self.__placeHolder = univ.OctetString((0,) * self.__digestLength).asOctets()
 def hashPassphrase(self, authKey):
 return localkey.hashPassphrase(authKey, self.__hashAlgo)
@@ -58,48 +59,59 @@ class HmacSha2(base.AbstractAuthenticationService):
 def localizeKey(self, authKey, snmpEngineID):
 return localkey.localizeKey(authKey, snmpEngineID, self.__hashAlgo)
- def getTagLen(self):
- return self.__tagLength
+ @property
+ def digestLength(self):
+ return self.__digestLength
 # 7.3.1
 def authenticateOutgoingMsg(self, authKey, wholeMsg):
+ if not SHA:
+ raise error.StatusInformation(
+ errorIndication=errind.authenticationError
+ )
+
 # 7.3.1.1
- l = wholeMsg.find(self.__placeHolder)
- if l == -1:
+ location = wholeMsg.find(self.__placeHolder)
+ if location == -1:
 raise error.ProtocolError('Can\'t locate digest placeholder')
- wholeHead = wholeMsg[:l]
- wholeTail = wholeMsg[l + self.__tagLength:]
+ wholeHead = wholeMsg[:location]
+ wholeTail = wholeMsg[location + self.__digestLength:]
 # 7.3.1.2, 7.3.1.3
 mac = hmac.new(authKey.asOctets(), wholeMsg, self.__hashAlgo)
 # 7.3.1.4
- mac = mac.digest()[:self.__tagLength]
+ mac = mac.digest()[:self.__digestLength]
 # 7.3.1.5 & 6
 return wholeHead + mac + wholeTail
 # 7.3.2
 def authenticateIncomingMsg(self, authKey, authParameters, wholeMsg):
+ if not SHA:
+ raise error.StatusInformation(
+ errorIndication=errind.authenticationError
+ )
+
 # 7.3.2.1 & 2
- if len(authParameters) != self.__tagLength:
+ if len(authParameters) != self.__digestLength:
 raise error.StatusInformation(
 errorIndication=errind.authenticationError
 )
 # 7.3.2.3
- l = wholeMsg.find(authParameters.asOctets())
- if l == -1:
+ location = wholeMsg.find(authParameters.asOctets())
+ if location == -1:
 raise error.ProtocolError('Can\'t locate digest in wholeMsg')
- wholeHead = wholeMsg[:l]
- wholeTail = wholeMsg[l + self.__tagLength:]
+ wholeHead = wholeMsg[:location]
+ wholeTail = wholeMsg[location + self.__digestLength:]
 authenticatedWholeMsg = wholeHead + self.__placeHolder + wholeTail
 # 7.3.2.4
 mac = hmac.new(authKey.asOctets(), authenticatedWholeMsg, self.__hashAlgo)
 # 7.3.2.5
- mac = mac.digest()[:self.__tagLength]
+ mac = mac.digest()[:self.__digestLength]
 # 7.3.2.6
 if mac != authParameters: |
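Review bot: The digest check at the end of this hunk, `if mac != authParameters:` in `authenticateIncomingMsg`, compares the computed HMAC with the received value using an ordinary inequality, which is not guaranteed to take the same time regardless of where the two values first differ. Where the supported Python versions provide it, `hmac.compare_digest(mac, authParameters.asOctets())` is the comparison meant for MAC verification, so the line could become `if not hmac.compare_digest(mac, authParameters.asOctets()):`. The renamed `location = wholeMsg.find(authParameters.asOctets())` also takes the first occurrence of the received digest anywhere in `wholeMsg`; a short comment stating why the first match is assumed to be the authentication parameters field would help the next reader. The method body continues past the end of the hunk.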